Saturday, January 2, 2010

Cryptic WCF error messages (part 7 of N)

@YaronNaveh

Yet another post in the ongoing series.

This one happens when you use 2-way ssl (e.g. client authenticates with an X.509 certificate in the HTTP level). You may get this error message:


The HTTP request was forbidden with client authentication scheme 'Anonymous'.


This simply means the client certificate failed validation on the server. So check you use the correct certificate and that it is valid on the server.

@YaronNaveh

What's next? get this blog rss updates or register for mail updates!

4 comments:

David said...

and how do you check it is configured correctly

say it cn=ClientSide
and it was made by makecert so obviously not sgined by a truxted CA
if I put it under the TrustedPeople on the Local Computer
Isn't it enough?
What am I missing?

Is there a tool which can figure it out?

Yaron Naveh (MVP) said...

Try to put it in the trusted root auth too

David said...

nope. Didn't work...

This is what I have in the server configuration:

_host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust;
_host.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
_host.Credentials.ClientCertificate.Authentication.TrustedStoreLocation = StoreLocation.LocalMachine;

David said...

Sorry I missed that.
The trick was to make the certificate self signed and then as you said put it in the Trusted CAs